#oracle

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION: Low attack complexity Vendor: Siemens Equipment: CPCI85 Central Processing/Communication Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with physical access to the device to decrypt the firmware. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens CPCI85 Central Processing/Communication: All versions prior to V05.30 3.2 Vulnerability Overview 3.2.1 INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522 The affected devices contain a secure element which is connected via an unencrypted SPI bus...

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.)

Ubuntu Security Notice 7121-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice 7120-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice 7121-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice 7120-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild. The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited sans authentication to leak sensitive information. "This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network

In the future, the cybersecurity landscape likely will depend not only on the ability of federal workforces to protect their agencies but also on their capacity to continuously develop and sharpen those skills.

Ubuntu Security Notice 7102-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.40 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.